Support for Azure Disk Encryption-protected machines
We need to be able to use ASR to protect/replicate Azure virtual machines protected by Azure Disk Encryption.
VMs enabled for encryption with Azure AD app are supported. Refer to this to enable replication of Azure Disk Encryption (ADE) enabled VMs from one Azure region to another – https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-how-to-enable-replication-ade-vms
Does ASR now finally support ADE encryption (the model not using AAD app to encrypt)?
Sam Khanjar commented
How about VMs that have already been encrypted using Azure VM extension for ADE? (i.e. ADE without AAD app registration)
Peter Bollwerk commented
Based on the Azure documentation, there appear to be 2 ways to encrypt VMs.
1) Azure Disk Encryption (ADE)
2) Azure Disk Encryption with Azure Active Directory (ADE w/ AAD)
Currently, Azure Site Recovery doesn't support VMs encrypted using method 1. Unfortunately, all of our VMs are encrypted like this and it appears we would have to recreate all of our VMs if we wanted to switch to using method 2, to support Azure Site Recovery. This is obviously not a desirable option, so we were wondering if there are plans for Azure Site Recovery to support VMs encrypted using method 1.
I was able to accomplish this successfully until it's officially supported.
Mark van de Beek commented
Ideally there would be an option to enable disk encryption on the replica disk in the DR site. Currently it isn't possible to add an Azure VM to ASR when ADE is enabled, but the workaround is to add the VM to ASR before ADE is applied, and use the console to enter the recovery key when the failover has taken place. This is workable for a few VMs, but for a complete site failover this is unmanageable.